4 matches found
CVE-2024-11449
A vulnerability in haotian-liu/llava version 1.2.0 LLaVA-1.6 allows for Server-Side Request Forgery SSRF through the /run/predict endpoint. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sending crafted requests that exploit insufficient validation o...
CVE-2024-11449
A vulnerability in haotian-liu/llava version 1.2.0 LLaVA-1.6 allows for Server-Side Request Forgery SSRF through the /run/predict endpoint. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sending crafted requests that exploit insufficient validation o...
CVE-2024-11449
CVE-2024-11449 stems from haotian-liu/llava v1.2.0 (LLaVA-1.6) with insufficient validation of the path parameter on the "/run/predict" endpoint, enabling Server-Side Request Forgery (SSRF). An attacker can access internal networks or AWS metadata by sending crafted requests, leading to unauthori...
CVE-2024-11449 Server-Side Request Forgery in haotian-liu/llava
A vulnerability in haotian-liu/llava version 1.2.0 LLaVA-1.6 allows for Server-Side Request Forgery SSRF through the /run/predict endpoint. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sending crafted requests that exploit insufficient validation o...